8153 matches found
CVE-2017-10709
CVE-2017-10709 affects Elephone P9000 devices running Android 6.0. The lockscreen can be bypassed to defeat the wrong-PIN lockout by pressing backspace after each PIN guess, using physical proximity as the attack vector. Documented impact indicates confidentiality, integrity, and availability may...
CVE-2017-11087
CVE-2017-11087 affects libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android. The issue arises when the mediaserver path copies the output buffer to an application using the “filled length,” which can exceed the output buffer’s actual size, causing an information disclosure. Publicly...
CVE-2017-13228
CVE-2017-13228 affects Android (versions 6.0–8.1) via an out-of-bounds write in libavc ih264d_ref_idx_reordering caused by modCount defined as an unsigned char. This can lead to remote code execution with user interaction; CVSS indicates HIGH impact. Patches are described in the Android Security ...
CVE-2017-13269
CVE-2017-13269 is an Android information-disclosure flaw in Bluetooth affecting Android 5.1.1–8.1 (Android IDs A-68818034). The Pixel/Nexus bulletin classifies it as ID-type with Moderate severity and partial confidentiality impact. The issue is addressed in the March 2018 Android bulletin; apply...
CVE-2017-13313
CVE-2017-13313 affects the Android Media framework (ESQueue.cpp, ElementaryStreamQueue::dequeueAccessUnitMPEG4Video). The issue is an infinite loop caused by an incorrect bounds check, leading to remote denial of service with no additional privileges required. Availability impact is DoS; exploita...
CVE-2017-13318
CVE-2017-13318 affects HeifDataSource::readAt in HeifDecoderImpl.cpp, where an integer overflow can cause an out-of-bounds read leading to information disclosure. Exploitation requires user interaction and the attacker must be able to trigger the affected code path (AV: Adjacent, UI: Required). R...
CVE-2017-18652
CVE-2017-18652 affects Samsung mobile devices running M(6.0) and N(7.x). The issue is that SVoice can be exploited to execute arbitrary code by manipulating dynamic libraries, enabling code execution with the privileges of the compromised process. The vulnerability is tied to the SVoice component...
CVE-2017-18682
The CVE-2017-18682 entry concerns Samsung mobile devices across KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) where AudioService can crash the system due to incorrect exception handling and an unprotected intent. Affected Samsung identifiers are SVE-2017-8114, SVE-2017-8116, and SVE-2017-8117. Connecte...
CVE-2017-8262
CVE-2017-8262 is documented in multiple sources as a use-after-free race condition in Qualcomm components (GPU driver) within CAF Android Linux-kernel builds. Affected software is Qualcomm’s GPU driver stack integrated in CAF Android releases; root cause described as a race in memory allocation/f...
CVE-2017-8270
Technical details about CVE-2017-8270 are not publicly provided in the connected documents. The available sources only reiterate a race condition in Qualcomm CAF/Linux kernel driver; monitor for updates and disclosures.
CVE-2017-9698
CVE-2017-9698 relates to Android for MSM, Firefox OS for MSM, and QRD Android builds based on CAF Linux kernels. The vulnerability stems from improperly specified offset/size values for a submission command, which can trigger a math operation overflow and lead to access to arbitrary memory. The c...
CVE-2018-12006
The CVE-2018-12006 entry applies to CAF Android releases (Android for MSM, Firefox OS for MSM, QRD Android) that use the Linux kernel. Root cause: uninitialized padding in a display function. Impact: local attackers with no privileges may access leaked data (information disclosure). Exploitation ...
CVE-2018-12010
CVE-2018-12010: Concrete details in connected docs show a stack overflow with memory corruption in the trustzone region affecting Android releases using CAF’s Linux kernel. The root cause is an absence of length sanity checks in the kernel path, leading to potential local impact on trustzone. Rep...
CVE-2018-21078
The CVE-2018-21078 entry relates to Samsung mobile devices running M(6.0), N(7.x), and O(8.0) where the Contacts app improperly secures Supplementary Service (SS) and USSD codes, enabling attackers to originate video calls. Public details in the provided documents note the Samsung ID SVE-2018-114...
CVE-2018-5849
CVE-2018-5849 affects Qualcomm QTEECOM driver on Android (CAF) where a race condition when multiple HLOS clients load the same TA can cause a Use-After-Free, enabling Elevation of Privilege. Documented impact is EoP with High/Partial confidentiality/integrity/availability implications; CVSSv3 bas...
CVE-2018-9340
CVE-2018-9340 affects Android Framework: in ResStringPool::setTo of ResourceTypes.cpp an attacker can cause mStringPoolSize to be out of bounds, leading to information disclosure. Root cause is out-of-bounds handling in ResStringPool. The CVE is listed in Android’s June 2018 security bulletin, wi...
CVE-2018-9409
The CVE-2018-9409 entry affects Android’s Media framework, specifically the HWC (Hardware Composer) path: HWCSession::SetColorModeById in hwc_session.cpp. The root cause is a missing bounds check, leading to a possible out-of-bounds write. This could enable local elevation of privilege with no ad...
CVE-2018-9421
CVE-2018-9421 is a local information-disclosure flaw in Android’s Media framework involving Parcel.cpp writeInplace and Binder; uninitialized data could leak across processes. Current documents confirm the issue and indicate it affects Android devices via local access with no user interaction. Th...
CVE-2018-9430
CVE-2018-9430 is an out-of-bounds write in btif_storage.cc (prop2cfg) that can lead to remote code execution without user interaction. Affected: Android Pixel/Nexus devices; root cause described as incorrect bounds check triggering a write beyond limits. Impact: high (RCE), network attack vector ...
CVE-2018-9441
CVE-2018-9441 affects the Android Pixel/Nexus stack, caused by an out-of-bounds read in sdp_copy_raw_data within sdp_discovery.cc due to an incorrect bounds check. This vulnerability enables local information disclosure without extra execution privileges; exploitation requires user interaction. M...
CVE-2018-9456
CVE-2018-9456 affects Google Android components, specifically the SDP utility: sdpu_extract_attr_seq in sdp_utils.cc. The issue is a possible out-of-bounds read due to an incorrect bounds check, enabling remote denial-of-service without extra privileges or user interaction. Connected sources (Red...
CVE-2018-9493
CVE-2018-9493 affects Android’s Download Manager content provider, with an SQL injection due to improper input validation. This could lead to local information disclosure without extra privileges or user interaction. Affected Android versions include 7.0–9.0. The provided sources describe the iss...
CVE-2018-9585
The CVE-2018-9585 issue affects Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9 in the NFC subsystem. Root cause: a missing bounds check in nfc_ncif_proc_get_routing within nfc_ncif.cc leads to an out-of-bounds write. Impact: local elevation of privilege with no additional execution privileges needed;...
CVE-2019-2036
CVE-2019-2036 affects Google Android where in HidHostService.java the function okToConnect contains an incorrect state check, enabling a possible permission bypass. This could allow remote escalation of privilege with no additional execution privileges or user interaction required. The vulnerabil...
CVE-2019-20557
CVE-2019-20557 affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0). The vulnerability allows attackers to bypass Factory Reset Protection (FRP) by manipulating a SIM card to block the PUK code. The issue is a device-side bypass of FRP, with the described impact being the inability t...
CVE-2019-20590
CVE-2019-20590 affects Samsung mobile devices running O(8.x) software on Qualcomm chipsets, with an integer underflow in the Secure Storage Trustlet (Samsung ID SVE-2019-13952). Connected sources (Red Hat, NVD, CVE listing) confirm the vulnerable component and root cause as an underflow in Secure...
CVE-2019-20612
The CVE-2019-20612 entry applies to Samsung mobile devices running N(7.x) and O(8.x) firmware that use Broadcom Wi‑Fi and SEC Wi‑Fi chipsets. The issue is a denial-of-service condition triggered by TCP SYN packets directed at the Wi‑Fi subsystem, with the vulnerability described as a problem in t...
CVE-2019-9373
Technical details about CVE-2019-9373 are not provided in the supplied documents. Monitor for updates from official advisories; no specific affected products, payloads, or mitigations are disclosed here.
CVE-2020-0008
CVE-2020-0008 affects Android 8.0–10 and is described as a race-condition in LowEnergyClient::MtuChangedCallback that can cause an out-of-bounds read. The issue enables local information disclosure without requiring user interaction or additional privileges. The vulnerability is documented across...
CVE-2020-0024
CVE-2020-0024 affects Android 8.0–10 in SettingsBaseActivity.java via a permissions bypass in onCreate, enabling local escalation of privilege. Exploitation requires user interaction and does not require initial execution privileges, per the NVD entry. Affected products are Android 8.0/8.1/9/10; ...
CVE-2020-0033
CVE-2020-0033 involves an out-of-bounds write in CryptoPlugin::decrypt (CryptoPlugin.cpp) causing local elevation of privilege on Android. The issue arises from a stale pointer in the CryptoPlugin decryption path, requiring LOCAL access with LOW attack complexity and no user interaction (per CVSS...
CVE-2020-0035
Technical details for CVE-2020-0035 are not provided in the connected documents; the available materials describe a local information disclosure in TelephonyProvider.java affecting Android 8.0–9. Monitor for updates.
CVE-2020-0101
CVE-2020-0101 affects Android devices (Android 8.0–10) and is linked to the BnCrypto::onTransact path in ICrypto.cpp. The vulnerability is an information disclosure due to uninitialized data, enabling local information exposure with system privileges, and requires no user interaction. Public docu...
CVE-2020-0263
CVE-2020-0263 affects Android 11, specifically the Accessibility service. A security issue causes a permission bypass via an unsafe PendingIntent, enabling local information disclosure without user interaction (local attacker privileges required). The Core impact is information disclosure with hi...
CVE-2020-0365
CVE-2020-0365 affects Android 11 netd; root cause is a missing bounds check causing an out-of-bounds read that can lead to a remote DoS without user interaction. Exploitation is Local with low complexity; impact is DoS with partial availability impact. Remediation: addressed in Android 11 release...
CVE-2020-0425
Technical details about CVE-2020-0425 are not publicly provided in the connected documents. Monitor for updates from vendors and security advisories.
CVE-2020-13834
Technical details (affected product/version, root cause, impact, fixes) are not publicly available in the provided connected documents; monitor for updates.
CVE-2020-26597
The CVE-2020-26597 entry concerns LG mobile devices running Android 9.0–10, where the Wi‑Fi subsystem has an incorrect input validation that leads to a crash. The issue is tied to LG’s internal ID LVE-SMP-200022 (October 2020). Affected component: Wi‑Fi stack on affected LG devices; root cause st...
CVE-2020-26598
CVE-2020-26598 affects LG mobile devices running Android 8.0–9.0, with the issue in the Network Management component. The root cause is described as a vulnerability that could allow an unauthorized actor to terminate (kill) an established TCP connection. CVSS metrics indicate a network vector wit...
CVE-2020-28344
CVE-2020-28344 affects LG mobile devices running Android 8.0–10. The root cause is a missing NULL parameter check leading to a NULL pointer dereference, which may cause system services to crash. The available documents (NVD, Red Hat, CVE listing) reiterate this description; no specific CVE patch ...
CVE-2021-0401
Summary: CVE-2021-0401 describes a memory corruption due to a race condition in vow that could enable local privilege escalation to SYSTEM on Android devices (Android-10/Android-11). The issue is triggered by a race in vow’s handling, requiring user interaction for exploitation. The patches refer...
CVE-2021-25334
CVE-2021-25334 concerns an improper input validation in Samsung mobile devices’ wallpaper service. The vulnerability could allow an untrusted application to cause a permanent denial of service, due to an input check flaw in the wallpaper service. Affected products are Samsung mobile devices (prio...
CVE-2021-25490
CVE-2021-25490 documents a keyblob downgrade attack in Samsung’s Keymaster TA (TrustZone) that enables triggering IV reuse with a privileged process. The root cause is related to the legacy keyblob/blob implementation in Keymaster, allowing misuse of initialization vectors. Affected devices inclu...
CVE-2022-20014
The CVE-2022-20014 entry concerns the vow driver, where improper input validation can cause memory corruption leading to local escalation of privilege with System execution privileges required. Exploitation does not require user interaction according to the description. The vulnerability is assoc...
CVE-2022-20021
CVE-2022-20021 involves the Bluetooth stack failing to handle multiple LMP_host_connection_req messages, enabling remote denial of service without additional privileges or user interaction. The issue is described across multiple feeds as a Bluetooth crash risk, including MediaTek chip references....
CVE-2022-20242
CVE-2022-20242 describes a side-channel information disclosure in Android 13’s Telephony component that can reveal whether an app is installed, without query permissions. This enables local information disclosure with no user interaction, as indicated in the description. Affected product: Android...
CVE-2022-20254
CVE-2022-20254 affects Android 13 Wi‑Fi: a permissions bypass allows local escalation of privilege from a guest user with no extra privileges and no user interaction required. The vulnerability is described across multiple sources (Android 13 security release notes and CVE entries) as a Wi‑Fi per...
CVE-2022-20266
In CVE-2022-20266, the Android 13 Companion component is affected by improper input validation that can allow a service to run with elevated importance without showing a foreground service notification. This enables local elevation of privilege and requires user interaction to exploit; no extra e...
CVE-2022-20273
Summary: CVE-2022-20273 affects the Android Bluetooth stack on Android 13, involving an out-of-bounds read caused by a heap buffer overflow that could lead to remote information disclosure. Exploitation requires no user interaction and can be attempted from an adjacent network position (attack ve...
CVE-2022-20284
CVE-2022-20284 affects Android 13 Telephony. A missing permission check enables local information disclosure of phone accounts; no user interaction is required. Exploitation requires user privileges (LOW) and local access (UI:N). Impact is confined to confidentiality (HIGH); integrity/availabilit...